diff --git a/CHANGES b/CHANGES
index 8bd294aae..4637a08cd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1591,7 +1591,6 @@
 [4.0.1]
 * Make it easier to import email
-* Give SFTP access only to admins
 [4.0.2]
 * Fix GCDNS crash
diff --git a/src/ldap.js b/src/ldap.js
index 2d6c3e2d2..9da6c0948 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -520,22 +520,25 @@ function userSearchSftp(req, res, next) {
 users.getByUsername(username, function (error, user) {
 if (error) return next(new ldap.OperationsError(error.toString()));
- if (!user.admin) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
+ apps.hasAccessTo(app, user, function (error, hasAccess) {
+ if (error) return next(new ldap.OperationsError(error.toString()));
+ if (!hasAccess) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
- var obj = {
- dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
- attributes: {
- homeDirectory: path.join('/app/data', app.id, 'data'),
- objectclass: ['user'],
- objectcategory: 'person',
- cn: user.id,
- uid: `${username}@${appFqdn}`, // for bind after search
- uidNumber: uidNumber, // unix uid for ftp access
- gidNumber: uidNumber // unix gid for ftp access
- }
- };
+ var obj = {
+ dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
+ attributes: {
+ homeDirectory: path.join('/app/data', app.id, 'data'),
+ objectclass: ['user'],
+ objectcategory: 'person',
+ cn: user.id,
+ uid: `${username}@${appFqdn}`, // for bind after search
+ uidNumber: uidNumber, // unix uid for ftp access
+ gidNumber: uidNumber // unix gid for ftp access
+ }
+ };
- finalSend([ obj ], req, res, next);
+ finalSend([ obj ], req, res, next);
+ });
 });
 });
 }
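Review bot: The new `apps.hasAccessTo(app, user, ...)` branch in the src/ldap.js hunk replaces an admin-only gate with one that, as far as the visible lines show, admits any user the app grants access to, and it does so without a comment recording that this is now the sole authorization decision for handing out a `homeDirectory` under `/app/data/<app.id>/data` over SFTP; a one-line note above the call, `// App access, not admin status, is the only gate for SFTP into this app's data directory; a denied user gets InsufficientAccessRightsError.`, would make the intended privilege model explicit for the next reader. It is unclear from the hunk whether "has access to the app" was meant to also imply file-level access to its data, so that equivalence should be confirmed against `apps.hasAccessTo`'s definition. The inner callback's `error` parameter shadows the outer `getByUsername` one; renaming it (e.g. `function (accessError, hasAccess)`) avoids reading the wrong error on the `OperationsError` line. The enclosing `userSearchSftp` starts before the hunk, so `app`, `username`, `appFqdn` and `uidNumber` are established outside this view.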